If you're a CISSP or a conspiracy theorist, you've probably heard of TEMPEST at least from a theoretical standpoint. Once again, Chris dives into a topic with zeal and presents his research and references. Now you too can be educated in the some more of the details of Compromising Emanations (CE).

Ok prepare to strap that tinfoil hat on two notches below excruciating, we’re going to talk about TEMPEST. What is TEMPEST? It’s defined in NSTISSI-7000 as:

Electronic and electromechanical information-processing equipment can produce unintentional intelligence-bearing emanations, commonly known as TEMPEST. If intercepted and analyzed, these emanations may disclose information transmitted, received, handled, or otherwise processed by the equipment. (1)

and in NSTISSI 7003 (TEMPEST GLOSSARY) as:

“A short name referring to investigations and studies of compromising emanations. It is often used synonymously for the term "compromising emanations"; e.g., TEMPEST tests, TEMPEST inspections.” (2)

Clear as mud? What this means is that your computer, your computer monitor, your CAT5 cable going into your router from your computer, your coax cable into your cable modem, and even your power cord going into the wall can carry electronic and electromechanical signals distances away from your computer and could possibly be intercepted either off the wires or through the air. Ok, maybe one more notch on that hat.

Good stuff! Talk of TEMPEST has been around for years, but it's funny how something like this gets pushed to the back of your mind. There is certainly a lot more scope for monitoring CE now than there were a few years back when I last read about TEMPEST.

Great article Chris! I did a little research into TEMPEST/Van Eck my self a while back...the Temptest for Elisa program is pretty cool, or at least I thought so.

Wondering if anyone here has played around with Eckbox? I wanted to try it, but found a lot of people who said it didn't work for them. Since I'm not very good with hardware, I didn't want to bother building an ADC for it if it wouldn't work anyway.

And while we're on the subject, let's not forget about Tinfoil Hat Linux! A cool name like that AND it fits on a floppy? You know it's gotta be good.

i think i am gonna try building that Eck Box when i get back from DC. and mess around with TEMEPST for Eliza. i only have my mac with me and was having compile issues with the libSDL piece. should compile fine on the linux box when i get back. might be a good thing i didnt throw out that old school monitor in the garage yet :-)

Last edited by LSOChris on Fri Mar 23, 2007 9:19 am, edited 1 time in total.

I thought it was a good example that intelligent data can be gathered from electrical RF emissions. I've had an on-and-off interest in TEMPEST ever since I read Cryptonomicon, so real-life presentations are always interesting to me. Although, I have yet to see a video of someone doing real-time screen captures (if anyone knows of one post it up!).

Michal Zalewski's book Silence on the Wire touches briefly on TEMPEST and other ways of gathering information from unintentional emissions such as NIC activity lights. The whole subject is really interesting.